[squid-users] SSL errors with Squid 3.5.27

Julian Perconti vh1988 at yahoo.com.ar
Wed Jun 13 21:20:59 UTC 2018


>Yes. With "debug_options ALL,9" and a "grep --context=10 'FD nn'" of the resulting cache.log for whatever the FD number is in the test after you update the logging content. Some of those lines should show what is happening on that FD, maybe some clues in there.
>

OK Amos,
I will try those debug options and then post here...

> 
> Some WhatsApp/Facebook server with the command:
> 
> openssl s_client -connect x.x.x.x:443 -showcerts
> 
> Does not show any cert and establishes a connection with TLS 1.2...
> 
> Any idea?
>
>Probably something you are not noticing, or think is irrelevant but actually is.
>
>Since you are hiding the details of what is going on we cannot replicate and see for ourselves if there is any hint in those hidden results which anyone with more knowledge might find.
>
>Amos

#####
Here is an example:
#####

openssl s_client -connect 31.13.94.54:443
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 290 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1528924452
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

#####
And the whois for that server:
#####

whois 31.13.94.54
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '31.13.94.0 - 31.13.94.255'

% Abuse contact for '31.13.94.0 - 31.13.94.255' is 'domain at fb.com'

inetnum:        31.13.94.0 - 31.13.94.255
netname:        MNL1
descr:          Facebook
country:        PH
admin-c:        RD4299-RIPE
tech-c:         RD4299-RIPE
status:         ASSIGNED PA
mnt-by:         fb-neteng
mnt-lower:      fb-neteng
mnt-routes:     fb-neteng
created:        2014-06-11T19:03:34Z
last-modified:  2014-06-11T19:03:34Z
source:         RIPE

role:           RIPE DBM
address:        1601 Willow Rd.
address:        Menlo Park, CA, 94025
admin-c:        PH4972-RIPE
tech-c:         PH4972-RIPE
nic-hdl:        RD4299-RIPE
mnt-by:         fb-neteng
created:        2011-04-11T18:49:50Z
last-modified:  2013-08-14T15:49:58Z
source:         RIPE # Filtered
abuse-mailbox:  domain at fb.com

% This query was served by the RIPE Database Query Service version 1.91.2 (ANGUS)

#####

The same if the server had been WhatsApp, etc...

Thanks!
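
A triage helper for `openssl s_client` transcripts like the one in this message, added here as an example; it is not part of the original post and is not Squid or OpenSSL code. The names `triage_s_client`, `_find` and `LINUX_ERRNO` are hypothetical, the sample lines are copied from the output above, and the errno table assumes Linux numbering.

```python
import re

# Assumption: Linux errno numbering, as printed in "write:errno=N".
LINUX_ERRNO = {32: "EPIPE", 104: "ECONNRESET", 110: "ETIMEDOUT", 111: "ECONNREFUSED"}

# Lines copied from the s_client transcript quoted in the message above.
SAMPLE = """\
CONNECTED(00000003)
write:errno=104
no peer certificate available
SSL handshake has read 0 bytes and written 290 bytes
New, (NONE), Cipher is (NONE)
    Protocol  : TLSv1.2
    Cipher    : 0000
"""

def _find(pattern, text):
    m = re.search(pattern, text, re.M)
    return m.groups() if m else None

def triage_s_client(text):
    """Summarise whether the peer ever answered the TLS handshake."""
    err = _find(r"^(?:read|write):errno=(\d+)", text)
    io = _find(r"^SSL handshake has read (\d+) bytes and written (\d+) bytes", text)
    cipher = _find(r"Cipher is (\S+)", text)
    rd, wr = (int(io[0]), int(io[1])) if io else (None, None)
    # The "Protocol" line of the SSL-Session block is printed even when no
    # handshake took place, so it is ignored; byte counts and cipher decide.
    negotiated = bool(cipher) and cipher[0] != "(NONE)" and bool(rd)
    if negotiated:
        verdict = "handshake completed"
    elif rd == 0 and wr:
        verdict = "ClientHello sent, no handshake bytes received from peer"
    else:
        verdict = "handshake incomplete"
    return {
        "errno": LINUX_ERRNO.get(int(err[0]), err[0]) if err else None,
        "read": rd,
        "written": wr,
        "peer_cert": "-----BEGIN CERTIFICATE-----" in text,
        "negotiated": negotiated,
        "verdict": verdict,
    }

if __name__ == "__main__":
    print(triage_s_client(SAMPLE))
```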


